From 1819c4b59b81ba4db2a38d3b3dc81f29102fde51 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 17 Apr 2023 12:36:50 -0400 Subject: [PATCH] Add new user types `reserved`, `bot`, and `remote` (#24026) This allows for usernames, and emails connected to them to be reserved and not reused. Use case, I manage an instance with open registration, and sometimes when users are deleted for spam (or other purposes), their usernames are freed up and they sign up again with the same information. This could also be used to reserve usernames, and block them from being registered (in case an instance would like to block certain things without hardcoding the list in code and compiling from scratch). This is an MVP, that will allow for future work where you can set something as reserved via the interface. --------- Co-authored-by: delvh Co-authored-by: John Olheiser --- models/user/user.go | 16 +++++++++++++++- services/auth/source/db/authenticate.go | 8 ++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/models/user/user.go b/models/user/user.go index 5709ed7ff2..5f152780bf 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -41,6 +41,18 @@ const ( // UserTypeOrganization defines an organization UserTypeOrganization + + // UserTypeReserved reserves a (non-existing) user, i.e. to prevent a spam user from re-registering after being deleted, or to reserve the name until the user is actually created later on + UserTypeUserReserved + + // UserTypeOrganizationReserved reserves a (non-existing) organization, to be used in combination with UserTypeUserReserved + UserTypeOrganizationReserved + + // UserTypeBot defines a bot user + UserTypeBot + + // UserTypeRemoteUser defines a remote user for federated users + UserTypeRemoteUser ) const ( @@ -312,6 +324,7 @@ func GetUserFollowers(ctx context.Context, u, viewer *User, listOptions db.ListO Select("`user`.*"). Join("LEFT", "follow", "`user`.id=follow.user_id"). Where("follow.follow_id=?", u.ID). + And("`user`.type=?", UserTypeIndividual). And(isUserVisibleToViewerCond(viewer)) if listOptions.Page != 0 { @@ -333,6 +346,7 @@ func GetUserFollowing(ctx context.Context, u, viewer *User, listOptions db.ListO Select("`user`.*"). Join("LEFT", "follow", "`user`.id=follow.follow_id"). Where("follow.user_id=?", u.ID). + And("`user`.type=?", UserTypeIndividual). And(isUserVisibleToViewerCond(viewer)) if listOptions.Page != 0 { @@ -959,7 +973,7 @@ func GetUserByName(ctx context.Context, name string) (*User, error) { if len(name) == 0 { return nil, ErrUserNotExist{0, name, 0} } - u := &User{LowerName: strings.ToLower(name)} + u := &User{LowerName: strings.ToLower(name), Type: UserTypeIndividual} has, err := db.GetEngine(ctx).Get(u) if err != nil { return nil, err diff --git a/services/auth/source/db/authenticate.go b/services/auth/source/db/authenticate.go index ec89984499..76445e0d6d 100644 --- a/services/auth/source/db/authenticate.go +++ b/services/auth/source/db/authenticate.go @@ -40,5 +40,13 @@ func Authenticate(user *user_model.User, login, password string) (*user_model.Us } } + // attempting to login as a non-user account + if user.Type != user_model.UserTypeIndividual { + return nil, user_model.ErrUserProhibitLogin{ + UID: user.ID, + Name: user.Name, + } + } + return user, nil }